How to Enable Two-Factor Authentication (2FA)?

Two-factor authentication (2FA) adds an extra layer of security to the login process. After enabling 2FA, users will be required to enter a one-time code from a mobile authenticator app after entering their login and password.

When It Will Be Useful

• You need to increase login security for all users.
• You need to add an extra layer of protection against unauthorized access.
• You need to comply with your organization's or client's security requirements.

What's Important to Know

• 2FA (Two-Factor Authentication) is an authentication method that requires two factors for login: something you know (password) and something you have (one-time code from an app).
• After enabling 2FA, all users will be required to set up 2FA on their first login.
• Users use standard authenticator apps (Google Authenticator, Authy, Microsoft Authenticator, etc.).
• 2FA configuration is performed by ConnectiveOne technical support.

Before You Start

• You have access to ConnectiveOne technical support or your manager.
• You understand that after enabling, all users will be required to set up 2FA.

How It Works for Users

First Login After Enabling 2FA

1. User enters email/phone and password on the login page.
2. System generates a QR code and displays it on the screen.
3. User opens an authenticator app on their phone (Google Authenticator, Authy, etc.).
4. User scans the QR code with the app.
5. User enters the one-time code from the app into the field on the screen.
6. System saves the 2FA settings for the user.

Subsequent Logins

1. User enters email/phone and password.
2. System requests a one-time code.
3. User opens the authenticator app and enters the current code.
4. After successful code verification, login occurs.

If User Lost Access to the App

If a user lost access to their authenticator app (lost phone, deleted app), an administrator can reset 2FA for that user:

1. Open Settings → Users.
2. Find the required user in the list and open the edit form.
3. Find the "Reset 2FA to user" button (displayed only if 2FA is enabled and the user has 2FA configured).
4. Click the button — it will change color to yellow with a warning.
5. Click the button again to confirm.

After resetting, the user will be able to set up 2FA again on their next login.

Step-by-Step Instructions

Step 1. Contact Technical Support

To enable 2FA, contact ConnectiveOne technical support or your manager.

What to inform:

• Your desire to enable 2FA for your instance.

💡 Note: 2FA configuration is performed by technical support on the product side. Administrators cannot independently enable or disable 2FA through the interface.

Step 2. Inform Users

After technical support enables 2FA, notify users about the changes:

• Explain that they will now need to use an authenticator app for login.
• Recommend installing the app in advance (Google Authenticator, Authy, Microsoft Authenticator).
• Provide instructions on how to set up 2FA on first login.

Step 3. Verify Operation

After enabling 2FA, verify:

1. Try logging in with a test user.
2. Make sure the QR code displays correctly.
3. Test 2FA setup and subsequent login.

What Happens After

After enabling 2FA:

• All users will be required to set up 2FA on their first login after enabling.
• On each login, users will enter a one-time code from the authenticator app.
• The system will become more secure against unauthorized access.

If You Need to Disable 2FA

If you need to disable 2FA for all users, contact ConnectiveOne technical support. After disabling, users will still have 2FA configured in the system, but it will not be required on login.

Related Materials

• How to Set Up 2FA on Login
• How to Configure Authentication and Access Management
• Authentication Scenarios Hub